Security audit
Codex Usage Widget
Security checks across malware telemetry and agentic risk
Overview
Available signals do not show malicious behavior, but the local artifacts could not be independently inspected in this sandbox, so users should review the install scripts before running them.
Before installing, read SKILL.md and any install.sh, uninstall.sh, or validation scripts to confirm the exact paths they read or modify, especially anything under ~/.codex. Proceed only if the widget installation behavior matches what you expect and the scripts do not access unrelated private files or credentials.
VirusTotal
65/65 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
